Venue: IEEE GCC Conference and Exhibition

A delay-based probing technique for the discovery of a firewall's accept rules


Abstract

Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To mount such an attack, the attacker needs to learn the firewall's access control list, i.e., its rule-set, and the order of the rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This keeps the firewall busy processing dummy requests; its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related only to the accept rules of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set at a very low cost.